Inexpensive Webcam Turned into Backdoor

Researchers at Vectra Networks describe an attack against an inexpensive webcam and how they were able to turn it into a network backdoor.

Connecting a webcam to your home or office network might seem like a harmless thing, but researchers have figured out how to turn that connected device into a backdoor.

Researchers at Vectra Networks today released a report demonstrating how a $30 D-Link webcam can be abused by attackers and turned into a medium for sending additional commands or stealing data.

Vectra Networks said it contacted D-Link in early December and the issue has still not been addressed.

Chief security officer Gunter Ollmann said that such a threat is difficult to detect and remediate, especially on home networks.

“Devices that can be easily attached to the network and remotely controlled or managed via the Internet tend to be soft targets. The design of circuit boards, chipsets, and the requirement for software updates combined into a simple and environmentally reliable package limits design options,” Ollmann said, adding that he would expect other vendors’ webcams and connected devices to be similarly vulnerable. “It doesn’t help that many of the popular ‘small footprint’ operating systems popularly used for mass-produced network devices are poorly secured themselves.”

Connected devices tend to lack the storage and processing power to be all that attractive to hackers. The Vectra report points out that attackers, instead, would focus on a device’s flash ROM, where running code is stored, and create a new flash image containing the tools necessary to run a backdoor.

“Once we have such a flash image, putting it in place could involve ‘updating’ an already deployed device or installing the backdoor onto the device somewhere in the delivery chain – i.e. before it is received and installed by the end customer,” the report said.

The report explains the attack against the D-Link WiFi Webcam, starting with the researchers being able to dump the contents of the device’s flash memory chip for analysis. This particular device’s firmware included the U-Boot bootloader and a Linux kernel and image. They were also able to dump the contents of the Linux image and access its filesystem, where they found an executable used to verify and update the firmware.

By analyzing the process by which the firmware is updated, they were eventually able to add a connect-back SOCKS proxy to the Linux system.

“This can either be accomplished with a srelay and netcat in the startup script or more optimized C code, or one could go with a simple callback backdoor with a shell using netcat and busybox which are already present on the system,” Vectra explained in its report. “Using the telnetd / busybox / netcat we can bring back a telnet socket to an outside host to have remote persistence to the webcam. With the webcam acting as a proxy, the attacker can now send control traffic into the network to advance his attack, and likewise use the webcam to siphon out stolen data.”
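One way a defender could look for the proxy behaviour described above, where a webcam holds a session to an outside host while opening connections to other machines on the network. This is an added example, not code from the Vectra report or from D-Link; the flow records, addresses, allowlist and the 600-second threshold are all constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed flow records: start time (s), duration (s), initiator, responder, port.
Flow = namedtuple("Flow", "start dur src dst dport")

LAN = ipaddress.ip_network("192.168.1.0/24")          # assumed site network
CAMERAS = {"192.168.1.50"}                            # assumed webcam inventory
EXPECTED_INTERNAL = {"192.168.1.1", "192.168.1.10"}   # assumed gateway/DNS and NVR

SAMPLE_FLOWS = [
    Flow(0,    30,   "192.168.1.23", "192.168.1.50", 80),    # user views the camera
    Flow(100,  5,    "192.168.1.50", "192.168.1.1",  53),    # DNS lookup
    Flow(200,  7200, "192.168.1.50", "203.0.113.77", 443),   # long-lived outbound session
    Flow(900,  2,    "192.168.1.50", "192.168.1.20", 445),   # camera contacts a file server
    Flow(905,  2,    "192.168.1.50", "192.168.1.21", 3389),  # camera contacts a workstation
    Flow(9000, 3,    "192.168.1.50", "192.168.1.22", 22),    # after the outbound session ended
]

def overlaps(a, b):
    """True when the two flows were active at the same time."""
    return a.start < b.start + b.dur and b.start < a.start + a.dur

def find_pivot_candidates(flows, cameras, lan, expected, min_external_dur=600):
    """Flag cameras that initiate connections to unexpected internal hosts
    while a long-lived session they opened to an external host is active."""
    findings = []
    for cam in sorted(cameras):
        mine = [f for f in flows if f.src == cam]
        external = [f for f in mine
                    if ipaddress.ip_address(f.dst) not in lan
                    and f.dur >= min_external_dur]
        lateral = [f for f in mine
                   if ipaddress.ip_address(f.dst) in lan
                   and f.dst not in expected]
        for ext in external:
            hits = sorted({(f.dst, f.dport) for f in lateral if overlaps(ext, f)})
            if hits:
                findings.append({"camera": cam,
                                 "external_peer": ext.dst,
                                 "internal_targets": hits})
    return findings

if __name__ == "__main__":
    for finding in find_pivot_candidates(SAMPLE_FLOWS, CAMERAS, LAN, EXPECTED_INTERNAL):
        print(finding)
```

The external session uses port 443 in the sample on purpose: the signal here is who initiates the connections and when, not the port number.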

As more embedded devices become connected, experts and attackers alike are realizing that many of these tiny computers can be abused.

“From a criminal hacker’s perspective, the prospect of subverting cheap and ubiquitous [Internet of Things] technologies such as WebCams (which are widely deployed in both residential and commercial capacities) is a highly desirable target – and high up on the target list,” Ollmann said. “More to the point, devices that can be hijacked and serve as backdoors, yet be popular second-hand items or items that can be easily concealed and physically deployed or swapped with existing installations, are vital tools in organized crime and espionage.”

Authors

Threatpost
